This SRV record has worked for the longest time but now it no longer does

I have had this SRV record working just fine for the longest time now and all the sudden it doesn’t work.

  • Type: SRV
  • Service: _minecraft
  • Protocol: TCP
  • Name: mc
  • TTL: Auto
  • Priority: 0
  • Weight: 5
  • Port: 25565
  • Target <my public IP>

This has worked for a year or two. It worked just fine earlier today. I went from Flexible SSL to Full and checked “Always use HTTPS” in Edge Certificates and then it just stopped working. I changed those back to their previous settings for testing, but it still stopped working.

If I nmap the port internally, it is open. If I nmap the port externally using my public IP, it is open. But when I nmap the port through CloudFlare, it is filtered.

It may be time for me to stop relying on CloudFlare and get a proper DNS provider, but I’d really like to understand how this stopped working and how to get it working again.

Is the record correctly returned if you query the DNS server? If so (and I expect that to be, since Cloudflare is a proper DNS provider, one of if not the best available) that is everything Cloudflare is doing with that IP. It’s not proxied.

The problem is somewhere else for sure…

Here’s what I know:

I have replaced the following for privacy reasons:

My domain is:
My public IP is:
The server's internal IP is:

Running nmap -p 25565 returns:

25565/tcp open  minecraft

Running nmap -p 25565 returns:

25565/tcp open  minecraft

Running nmap -p 25565 returns:

25565/tcp filtered minecraft

Now as far as querying the DNS server, I have had no luck. But to be fair, most of my records are not returned when running nslookup -q=A so I’m not sure how I would check.

What I do know is that the issue exists at cloudflare as I’m able to get inside my network just fine on that port. It’s certainly something I have done, but I am dumbfounded as to what I have done.

The last nmap tells me it’s probably because your hostname is proxied, is it :orange: in the DNS tab? In that case set it to :grey:.

If the only record is the SRV one then it points directly to the IP and then without knowing the domain name I can’t do any tests.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.